@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

Fix PhabricatorAuthCSRFEngine.php strncmp(null) PHP 8.1 error

Summary:
Update PhabricatorAuthCSRFEngine.php such that it doesn't fall over when provided with a null CSRF token under PHP 8.1

Fixes T15654

Test Plan: Do a POST request to phorge.

Reviewers: O1 Blessed Committers, valerio.bozzolan

Reviewed By: O1 Blessed Committers, valerio.bozzolan

Subscribers: tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15654

Differential Revision: https://we.phorge.it/D25449

sten 318d7a61 7b0021a0

+4 -1
src/applications/auth/engine/PhabricatorAuthCSRFEngine.php
··· 47 47 // We expect a BREACH-mitigating token. See T3684. 48 48 $breach_prefix = $this->getBREACHPrefix(); 49 49 $breach_prelen = strlen($breach_prefix); 50 - if (strncmp($token, $breach_prefix, $breach_prelen) !== 0) { 50 + if ( 51 + $token === null || 52 + strncmp($token, $breach_prefix, $breach_prelen) !== 0 53 + ) { 51 54 return false; 52 55 } 53 56
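
Review bot: The added `$token === null ||` condition guards only the null case, so any other non-string value that reaches this check would still be passed to `strncmp()`, which expects string arguments. Consider `!is_string($token) ||` instead: it covers null as well and keeps the early `return false`, so every malformed token is rejected rather than raising an error. The test plan is a manual POST; a unit test that passes a null token and asserts that this path returns false would keep the PHP 8.1 regression from coming back.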